Security

Reply
Occasional Contributor I

Network Scan stuck/hangs when scanning WinXP or Win2003 Server

We did a fresh install of Clearpass Version 6.7.8.109113 as a VM under ESX.

The Network-Scanner/Profiler with WMI enabled stops working when it hits a WinXP or Windows 2003 Server. In the GUI the scan keeps on "running" state, i can't see any Network Paket with Wireshark to the targted machine.

 

In this moment i can't start a new scan. I have to delete the scan an reboot the CPPM-VM.

 

Enabling NTLMV1 Support doesn't make a change.

 

Any tips?

Clip1.png

MVP Expert

Re: Network Scan stuck/hangs when scanning WinXP or Win2003 Server

I ran into this same issue, apparently there is a string returned from some Windows devices during the WMI query that CPPM's Linux Shell interprits as a command / string forcing the scan to actually stop, although it shows "running" in the web GUI. 

 

I had to work with Aruba TAC to find this in the backend logs, and they suggested it as an unusual problem with the windows device itself. 

 

We had to disable WMI query all together, but since it's only effective on Windows devices, and other profiling methods are fairly good at detecting Windows machines, we haven't been too concerned about it being turned off. 

 

The other option is to setup the scans to avoid those specific IPs if they are reserved or static on the network.



Michael Haring
If my answer is helpful, a Kudos is always appreciated!
Occasional Contributor I

Re: Network Scan stuck/hangs when scanning WinXP or Win2003 Server

I called the Aruba Support and the can reproduce the problem. They are working on it, but I dond't have an soltion right now.

 

I'm new to clearpass, can yout explain how specific IP's can be excluded from the wmi scan?

MVP Expert

Re: Network Scan stuck/hangs when scanning WinXP or Win2003 Server

It's going to largely depend on how your network is setup, but basically
when you define the subnets for scanning, you would exclude that subnet.
Ideally you would hope it's a /24 or smaller, but it may be a challenge if
the network is larger.

In our case we disabled WMI all together because it would randomly pop up
in multiple networks of ours and the other subnet scans would never
complete. We have a lot of network space, so I have our subnet scans
running back to back overnight almost every day.


Michael Haring
If my answer is helpful, a Kudos is always appreciated!
Occasional Contributor I

Re: Network Scan stuck/hangs when scanning WinXP or Win2003 Server

OK - i do so already.

I thought you found a way to scan the Subnet but exlcude special IPs from scanning.

MVP Expert

Re: Network Scan stuck/hangs when scanning WinXP or Win2003 Server

Unfortunately no, that would be nice though. You could theoretically
further segment a /24 for example in your config though to minimize the
skipped number of devices. It doesn't have to match the network size on the
LAN though, it's just telling CPPM to scan IPs from this to that.


Michael Haring
If my answer is helpful, a Kudos is always appreciated!
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: